Spamhaus HBL

Overview

The Spamhaus Hash Blocklist (HBL) is a list used to identify malicious content found within email messages. Unlike traditional blocklists that list IP addresses or domains, the HBL stores cryptographic hashes of specific elements such as email addresses, cryptocurrency wallet addresses, malware files, and URLs. By comparing these hashes against the blocklist, mail systems can detect and block malicious content even when it originates from otherwise reputable sending infrastructure, such as a compromised account at a major email provider.

Mailgun will soon offer monitoring of the Spamhaus HBL, with initial support focused on email addresses. When an email address is flagged on the HBL, it typically indicates that the address has been compromised and is being used to send spam, phishing, or other email-borne threats, or that the address itself is associated with malicious activity.

Impacts

This listing occurs at the email address level. Because the HBL targets specific addresses rather than IPs or domains, a listing will not impact your entire sending infrastructure, but mail involving the listed address may be filtered, rejected, or routed to spam by receivers using Spamhaus data. If a compromised address is associated with your account, this can also indicate broader security or list hygiene issues that may eventually affect your domain or IP reputation if left unresolved.

It is also worth noting that an email address being listed on the HBL is often a signal that the account has been compromised or is being abused. Investigating the listing promptly helps protect both your sender reputation and the recipients you send to.

What to Do If You Are Listed

To better understand the potential problems that caused the listing, review the HBL information on the Spamhaus website. Once you have reviewed, you should then:

1. Find and correct the root cause of the listing. For email addresses, this typically involves checking whether the account has been compromised, resetting credentials, reviewing recent sending activity, and removing any compromised addresses from your active sending lists.
2. Audit your list acquisition and hygiene practices to make sure compromised or malicious addresses are not being added or used to send mail.
3. Request removal directly from Spamhaus once the root cause has been resolved. You can use the Spamhaus IP and Domain Reputation Checker to search the listed email address and follow the removal steps provided. If you have a Mailgun Technical Account Manager, please work with them to coordinate the removal.

It is important that the issue be resolved prior to requesting removal. Being honest and transparent will get you to a solution faster. Spamhaus is straightforward on what they want to know. If Spamhaus detects that a problem is ongoing they will not remove the listing.

Our Support Team here at Sinch Mailgun is happy to help! Reach out to us in the Support page of your Mailgun Control Panel, and we'll be with you shortly!